1. Field of the Invention
The present invention relates to the field of the computer network security.
Portions of the disclosure of this patent document contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all rights whatsoever.
2. Background Art
Security is an important concern in computer networks. Networks are protected from illegal entry via security measures such as firewalls, passwords, dongles, physical keys, isolation, biometrics, and other measures. FIG. 1 illustrates an example of prior art security in a network configuration. A Protective Device 102 resides between an Internal Network 101 and an Outside Network 103. There are multiple methods of content filtering, designed to protect the inside network (or a single computer) from entering of harmful data from the outside network. For example, it is done by cataloguing allowed and banned URLs, web sites, web domains or through real time scan for forbidden words or through blocking certain IP addresses and ports. The example of FIG. 1 is typical of prior art security schemes in that it is principally designed to limit entry to the network. However, there are fewer methods to prevent exits from a protected network in the form of data leaks. This is unfortunate, because a significant threat in networking is the leaking of confidential materials out of the network. Some methods of protection include recognizing predefined keywords in the outbound data and recognizing simple patterns, such as a 16-digit credit card numbers. When such identifiers are recognized and when such outbound data has not been authorized, the data transmission may be stopped. These prior art methods are inadequate for the task of providing security against data leakage.